Hi!
Sorry for sending this to the mailing list directly, perhaps it's the wrong
forum.
I did not find any other "feature request"-link on the haproxy-site.
If this is the wrong forum, please let me know.
I would love if there was a "requeue" action, for "tcp-request connection
<action>", which just puts this request "last" in the queue - to be
processed again (at a later time).
That way, we can easily handle NAT-connections, in a fairly "safe" way
without having to reject them completely if they're playing nice.
Like this:
tcp-request connection requeue if { src_conn_cur ge 3 }
tcp-request connection reject if { src_conn_cur ge 20 }
Also, a src_sess_cur variable showing the number of currently
backend-handled sessions from the source IP-address would be lovely,
instead of just src_conn_cur - which could be in the frontend-queue, right?
Then we could do "tcp-request connection requeue if { src_sess_cur ge 3 }"
instead.
I am sorry if this already can be easily accomplished, and I'm too stupid
to understand it.
What I am aiming for is that we then easily configure NAT-clients
(companies) in a very easy and safe way. In my examples above we handle a
maximum of 3 requests in the backend, from a single IP, and keep requeueing
new requests from that IP, which will eventually be handled at a future
point. If we get a lot of connections from the IP, 20, well, OK, drop them.
Many users behind a single NAT-IP-address will probably see our site as
normally working, even if they are opening a lot of connections. They will
just be queued (the site will appear "slower" for them). If we drop a bunch
of requests, some users will perhaps (depending on how they have their
browser/proxy configured) see the site as broken.
--
Regards
Charlie Elgholm
Brightly AB
